A Close Look at the NSA’s Most Powerful Internet Attack Tool

Rather than go through the bureaucratic fight to move the attack logic into “system low” (and co-located on the wiretap), the NSA sought to work around it in the case of QUANTUMHAND. Instead of targeting just any web connection for exploitation, it targeted persistent “push” connections from Facebook, where a user’s browser would leave an idle connection open, waiting for a command from the server.

This way, even the slow, broken, classified architecture could exploit Facebook users. Sadly for NSA and GCHQ (and FSB, and DGSE, and every other spy agency), Facebook turned on encryption a few months ago, which should thwart this attack.

via A Close Look at the NSA’s Most Powerful Internet Attack Tool | Wired Opinion | Wired.com.

The biggest limitation on QUANTUM is location: The attacker must be able to see a request which identifies the target. Since the same techniques can work on a Wi-Fi network, a $50 Raspberry Pi, located in a Foggy Bottom Starbucks, can provide any country, big and small, with a little window of QUANTUM exploitation. A foreign government can perform the QUANTUM attack NSA-style wherever your traffic passes through their country.

Warrantless Cellphone Tracking

The secretive technology is generically known as a stingray or IMSI catcher, but the Harris device is also specifically called the Stingray. When mobile phones — and other wireless communication devices like air cards — connect to the stingray, it can see and record their unique ID numbers and traffic data, as well as information that points to the device’s location. By moving the stingray around, authorities can triangulate the device’s location with much more precision than they can get through data obtained from a mobile network provider’s fixed tower location.

The government has long asserted that it doesn’t need to obtain a probable-cause warrant to use the devices because they don’t collect the content of phone calls and text messages but rather operate like pen-registers and trap-and-traces, collecting the equivalent of header information.

via Florida Cops’ Secret Weapon: Warrantless Cellphone Tracking | Threat Level | Wired.com.

Bitcoin Exchange Mt. Gox Goes Offline Amid Allegations of $350 Million Hack

A coalition of bitcoin businesses — including bitcoin wallet-makers Coinbase and Blockchain — quickly put out a statement as news of the hack spread. “This tragic violation of the trust of users of Mt. Gox was the result of one company’s abhorrent actions and does not reflect the resilience or value of bitcoin and the digital currency industry,” they said. “There are hundreds of trustworthy and responsible companies involved in bitcoin.”

via Bitcoin Exchange Mt. Gox Goes Offline Amid Allegations of $350 Million Hack | Wired Enterprise | Wired.com.

World’s largest DDoS strikes US, Europe

The Network Time Protocol (NTP) Reflection attack exploits a timing mechanism that underpins a way the internet works to greatly amplify the power of what would otherwise be a small and ineffective assault.

via World’s largest DDoS strikes US, Europe – Security – Technology – News – iTnews.com.au.

The OpenNTPProject can help administrators determine if their servers are vulnerable.

Hearings on community broadband services bill postponed

Senate Bill 304 would prohibit cities and counties from building public broadband networks. The Commerce Committee, which Lynn chairs, was scheduled to have a hearing Tuesday, but Lynn released a statement that hearings have been postponed indefinitely.

via Hearings on community broadband services bill postponed | Wichita Eagle.

The Biggest Battle in All Of EVE

Once the TCU onlining was decided, the fight just became about carnage: who could kill the most the fastest. The fleets committed by both sides represent a staggering amount of time, effort, and ISK. Each titan costs about 100 billion ISK (up to 160 or even 220b for particularly expensive fits), which can be purchased for about $3,000 USD by buying game time and selling it to other players for ISK. More than that, though, to build a titan requires several weeks and a nice quiet undisturbed area of space, something harder to find in the current climate. Supercarriers are similarly challenging. Dreadnaughts and carriers, while not as difficult to build, still represent a significant investment of effort on the part of an industrialist somewhere.

via B-R5RB: The Biggest Battle in All Of EVE | TheMittani.com.

Burden of proof of infringement on patent holder

The Supreme Court on Wednesday upheld the decision of the district court, stating that it holds that “when a licensee seeks a declaratory judgment against a patentee to establish that there is no infringement, the burden of proving infringement remains with the patentee.”

via US Supreme Court: Burden of proof of infringement on patent holder | ITworld.

A First Look at the Target Intrusion, Malware

Target has yet to honor a single request for comment from this publication, and the company has said nothing publicly about how this breach occurred. But according to sources, the attackers broke in to Target after compromising a company Web server. Somehow, the attackers were able to upload the malicious POS software to store point-of-sale machines, and then set up a control server within Target’s internal network that served as a central repository for data hoovered by all of the infected point-of-sale devices.

via A First Look at the Target Intrusion, Malware — Krebs on Security.

FAA Selects Six Sites for Unmanned Aircraft Research

In selecting the six test site operators, the FAA considered geography, climate, location of ground infrastructure, research needs, airspace use, safety, aviation experience and risk. In totality, these six test applications achieve cross-country geographic and climatic diversity and help the FAA meet its UAS research needs.

via FAA Selects Six Sites for Unmanned Aircraft Research.

Catalog Reveals NSA Has Back Doors for Numerous Devices

There is no information in the documents seen by SPIEGEL to suggest that the companies whose products are mentioned in the catalog provided any support to the NSA or even had any knowledge of the intelligence solutions. “Cisco does not work with any government to modify our equipment, nor to implement any so-called security ‘back doors’ in our products,” the company said in a statement. Contacted by SPIEGEL reporters, officials at Western Digital, Juniper Networks and Huawei also said they had no knowledge of any such modifications. Meanwhile, Dell officials said the company “respects and complies with the laws of all countries in which it operates.”

via Catalog Reveals NSA Has Back Doors for Numerous Devices – SPIEGEL ONLINE.

Cooperation of the kind that telecom equipment providers give in support of CALEA would be needed for this to work.